Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Secure Email Gateway by Omnissa
CVE-2025-25235 (GCVE-0-2025-25235)
Vulnerability from nvd – Published: 2025-08-11 21:47 – Updated: 2025-08-12 15:45
VLAI
Title
Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability
Summary
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Omnissa | Secure Email Gateway |
Unaffected:
2.32 and later
(custom)
Unaffected: 2503 and later (custom) |
Date Public
2025-08-11 18:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:45:19.584760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:45:31.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Secure Email Gateway",
"vendor": "Omnissa",
"versions": [
{
"status": "unaffected",
"version": "2.32 and later",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2503 and later",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-08-11T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."
}
],
"value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T21:47:47.823Z",
"orgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52",
"shortName": "Omnissa"
},
"references": [
{
"url": "https://www.omnissa.com/omsa-2025-0003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52",
"assignerShortName": "Omnissa",
"cveId": "CVE-2025-25235",
"datePublished": "2025-08-11T21:47:25.510Z",
"dateReserved": "2025-02-04T20:59:07.334Z",
"dateUpdated": "2025-08-12T15:45:31.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25235 (GCVE-0-2025-25235)
Vulnerability from cvelistv5 – Published: 2025-08-11 21:47 – Updated: 2025-08-12 15:45
VLAI
Title
Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability
Summary
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Omnissa | Secure Email Gateway |
Unaffected:
2.32 and later
(custom)
Unaffected: 2503 and later (custom) |
Date Public
2025-08-11 18:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:45:19.584760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:45:31.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Secure Email Gateway",
"vendor": "Omnissa",
"versions": [
{
"status": "unaffected",
"version": "2.32 and later",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2503 and later",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-08-11T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."
}
],
"value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T21:47:47.823Z",
"orgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52",
"shortName": "Omnissa"
},
"references": [
{
"url": "https://www.omnissa.com/omsa-2025-0003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52",
"assignerShortName": "Omnissa",
"cveId": "CVE-2025-25235",
"datePublished": "2025-08-11T21:47:25.510Z",
"dateReserved": "2025-02-04T20:59:07.334Z",
"dateUpdated": "2025-08-12T15:45:31.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}